CyberSecurityBoard
Sponsor Register Login

Atlassian reveals four fresh critical flaws The Register

Atlassian has emailed its customers to warn of four critical vulnerabilities, but the message had flaws of its own - the links it contained weren't live for all readers at the time of despatch.
The email, seen by The Register, warns of flaws rated 9.0 or higher on the Common Vulnerability Scoring System scale and offers a link to an advisory.
That link was to a page that did not describe the relevant flaws, instead detailing CVE-2023-22518, the 9.1-rated stinker revealed in late October and later upgraded to a perfect 10/10.
Nor did links to the four CVEs the email mentions reach the correct page for around an hour - all produced a Page Not Found error and a suggestion that the page may have been renamed with another URL that does carry the correct information.
The URLs all include URLdefense.com - a service offered by Proofpoint.
While the links were dead, Atlassian did manage to publish info about the four fresh problems here.
The fix for all the flaws is the same: upgrade the product to a fixed version.


This Cyber News was published on go.theregister.com. Publication date: Wed, 06 Dec 2023 07:13:05 +0000


Cyber News related to Atlassian reveals four fresh critical flaws The Register

Atlassian warns of 4 new critical vulnerabilities affecting Jira, Confluence, Bitbucket - Atlassian Jira, Confluence, Bitbucket and macOS Companion app users are warned to update their software immediately due to four critical vulnerabilities allowing for remote code execution. Atlassian, an Australian software company, has more than ...
2 years ago Packetstormsecurity.com CVE-2023-22518 CVE-2023-22522 CVE-2023-22523
Atlassian warns of exploit for Confluence data wiping bug, get patching - Atlassian warned admins that a public exploit is now available for a critical Confluence security flaw that can be used in data destruction attacks targeting Internet-exposed and unpatched instances. Tracked as CVE-2023-22518, this is an improper ...
2 years ago Bleepingcomputer.com CVE-2023-22518 CVE-2023-22515
Atlassian reveals four fresh critical flaws The Register - Atlassian has emailed its customers to warn of four critical vulnerabilities, but the message had flaws of its own - the links it contained weren't live for all readers at the time of despatch. The email, seen by The Register, warns of flaws rated ...
2 years ago Go.theregister.com CVE-2023-22518
Critical Atlassian Confluence bug exploited in Cerber ransomware attacks - Attackers are exploiting a recently patched and critical severity Atlassian Confluence authentication bypass flaw to encrypt victims' files using Cerber ransomware. Described by Atlassian as an improper authorization vulnerability and tracked as ...
2 years ago Bleepingcomputer.com CVE-2023-22518 CVE-2023-22515 Trigona
Atlassian warns of critical RCE flaw in older Confluence versions - Atlassian Confluence Data Center and Confluence Server are vulnerable to a critical remote code execution vulnerability that impacts versions released before December 5, 2023, including out-of-support releases. The flaw is tracked as CVE-2023-22527, ...
2 years ago Bleepingcomputer.com CVE-2023-22527
Atlassian Confluence Server RCE attacks underway The Register - More than 600 IP addresses are launching thousands of exploit attempts against CVE-2023-22527 - a critical bug in out-of-date versions of Atlassian Confluence Data Center and Server - according to non-profit security org Shadowserver. Atlassian ...
2 years ago Go.theregister.com CVE-2023-22527
Atlassian Patches RCE Flaw that Affected Multiple Products - Atlassian has been discovered with four new vulnerabilities associated with Remote Code Execution in multiple products. The CVEs for these vulnerabilities have been assigned as CVE-2023-22522, CVE-2023-22523, CVE-2023-22524, and CVE-2022-1471. ...
2 years ago Gbhackers.com CVE-2023-22522 CVE-2023-22523 CVE-2023-22524 CVE-2022-1471
CVE-2013-0135 - Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) ...
8 years ago
Atlassian patches critical RCE flaws across multiple products - Atlassian has published security advisories for four critical remote code execution vulnerabilities impacting Confluence, Jira, and Bitbucket servers, along with a companion app for macOS. All security issues addressed received a critical-severity ...
2 years ago Bleepingcomputer.com CVE-2023-22522 CVE-2023-22524 CVE-2022-1471 CVE-2023-22523
Patch Now: Critical Atlassian Bugs Endanger Enterprise Apps - It's time to patch again: Four critical security vulnerabilities in Atlassian software open the door to remote code execution and subsequent lateral movement within enterprise environments. They are just the latest bugs to surface of late in the ...
2 years ago Darkreading.com CVE-2022-1471 CVE-2023-22522 CVE-2023-22524
CVE-2022-26136 - A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This ...
1 year ago
CVE-2022-26137 - A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security ...
1 year ago
CVE-2017-17713 - Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp ...
8 years ago
CVE-2017-17714 - Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, ...
8 years ago
Attacks begin on critical Atlassian Confluence vulnerability - Multiple cybersecurity organizations have observed exploitation attempts against a critical Atlassian Confluence vulnerability that was disclosed and patched last week. In a security advisory published on Jan. 16, Atlassian detailed a remote code ...
2 years ago Techtarget.com CVE-2023-22527 CVE-2023-22518 CVE-2023-22515
Atlassian Patches Critical Remote Code Execution Vulnerabilities - Business software maker Atlassian this week announced updates that address critical-severity remote code execution vulnerabilities in Confluence and other products. Atlassian, which rates the vulnerability with a CVSS score of 9.0, notes that an ...
2 years ago Securityweek.com CVE-2023-22524 CVE-2023-22523 CVE-2022-1471
CVE-2023-52780 - In the Linux kernel, the following vulnerability has been resolved: net: mvneta: fix calls to page_pool_get_stats Calling page_pool_get_stats in the mvneta driver without checks leads to kernel crashes. First the page pool is only available if the bm ...
1 year ago Tenable.com
CVE-2024-47716 - In the Linux kernel, the following vulnerability has been resolved: ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Floating point instructions in userspace can crash some arm kernels built with clang/LLD 17.0.6: BUG: unsupported FP ...
1 year ago Tenable.com
CVE-2023-52911 - In the Linux kernel, the following vulnerability has been resolved: ...
1 year ago
Discovering SSRF Flaws in Microsoft Azure Services - Microsoft Azure is an incredibly popular cloud computing platform and its services are used around the world. Recently, security researchers uncovered several Server-Side Request Forgery (SSRF) flaws in many of Microsoft Azure’s services. This type ...
3 years ago Securityaffairs.com
Microsoft December 2023 Patch Tuesday fixes 34 flaws, 1 zero-day - Today is Microsoft's December 2023 Patch Tuesday, which includes security updates for a total of 34 flaws and one previously disclosed, unpatched vulnerability in AMD CPUs. While eight remote code execution bugs were fixed, Microsoft only rated three ...
2 years ago Bleepingcomputer.com CVE-2023-20588
Over 1,450 pfSense servers exposed to RCE attacks via bug chain - Roughly 1,450 pfSense instances exposed online are vulnerable to command injection and cross-site scripting flaws that, if chained, could enable attackers to perform remote code execution on the appliance. PfSense is a popular open-source firewall ...
2 years ago Bleepingcomputer.com CVE-2023-42325 CVE-2023-42327 CVE-2023-42326
Apple and some Linux distros are open to Bluetooth attack The Register - A years-old Bluetooth authentication bypass vulnerability allows miscreants to connect to Apple, Android and Linux devices and inject keystrokes to run arbitrary commands, according to a software engineer at drone technology firm SkySafe. The bug, ...
2 years ago Go.theregister.com CVE-2023-45866
Alert: 'Effluence' Backdoor Persists Despite Patching Atlassian Confluence Servers - Cybersecurity researchers have discovered a stealthy backdoor named Effluence that's deployed following the successful exploitation of a recently disclosed security flaw in Atlassian Confluence Data Center and Server. "The malware acts as a ...
2 years ago Thehackernews.com CVE-2023-22515 CVE-2023-22518
Atlassian Warns of Critical RCE Vulnerability in Outdated Confluence Instances - Enterprise software maker Atlassian on Tuesday warned of a critical vulnerability in out-of-date Confluence Data Center and Server versions that could be exploited for remote code execution, without authentication. The issue, tracked as ...
2 years ago Securityweek.com CVE-2023-22527

Latest Cyber News


    Cyber Trends (last 7 days)


    Trending Cyber News (last 7 days)